USING LDAP FOR NETWORK TOPOLOGY AND SERVICE MANAGEMENT APPLICATIONS INTEGRATION

Abstract

Network and system management dimensions are handled by management applications. The information model that these applications use is not open, and as a result only network administrators can access high-level information concerning a managed environment. In such a networked environment there is no application that can provide, in a standard way, simple information to others, such as: discovered network elements, network topology, how network and service elements relate, and meta-information about them. In this article we will try to explain how a management information base implemented by a standard Internet protocol like LDAP can help make the above information available and, therefore, provide a means to facilitate the integration of different management-level applications and autonomous applications in a straightforward fashion.
B.F. Marques*, J.A. Oliveira*, P.M. Coelho*, R.F. Oliveira**
* {bmarq,jaoliveira,pcoelho}@estv.ipv.pt, Electrical and Computer Sciences Engineering’s Departments, Technical Superior School of Viseu
** rto@fe.up.pt, Electrical and Computer Engineering Department, Engineering Faculty of University of Porto
PORTUGAL
Keywords: Network Management Applications, Basic Internet Protocols, LDAP
1 Introduction
Mission critical operations supported by networks are increasing all the time [1], involving an increasingly
large number of network management domains and network players.
A complete information system, pertaining to the networked environment, is hidden internally by Network
Management Systems (NMS) applications, as if this information were not important for other management
applications (e.g. software agents).
Very simple and old management activities, such as network discovery [2], have to be recreated by each
management application in a network environment (Figure 1) populated by several network management
applications. This replication of activity does not make sense, especially if it is already carried out
by one of those applications. It would be very interesting for other applications to share this information to
perform specialized actions.
The only exception to this situation occurs when network management applications belong to the same
vendor or when they have some kind of agreement to share proprietary information storage through proprietary
APIs.
Figure 1 shows the complexity handled internally by Network Management Systems on the main axes
(functional areas, management layers, and common operations), and on the new axis, the high-level
functionalities that a set of management applications are supposed to have between them: integration,
delegation and coordination, all with autonomy and intelligence. This means that management applications must
communicate with each other through a special management protocol, or a set of communications
protocols.
In the TMN world, and in any other data-intensive system, information is organized as management objects across
three management trees: the inheritance tree, the containment tree and the named tree [3]. This information,
which was very useful for understanding the managed element behind the Agent, does not have an equivalent
in today’s managed elements, or more widely in a networked environment.
Figure 1: Management dimensions.
Existing information models are centred only on the element. At the network level, on the other hand, there is no
information model that gathers all management information from the element level to the business level while
also trying to unify the other dimensions. Such a model really makes sense, and would be useful if made available
to all management applications, if we want to think about autonomy. For example, a recently arrived management
application would have all the information it needs to start its operations and activities.
Analyzing the trends in data communications, it is clear that different business applications increasingly use
Internet application protocols to communicate, such as: HTTP, SMTP, IMAP, SMB/NFS, LDAP, etc.
Therefore LDAP [4], the most widely adopted directory service and a standard protocol, is a good candidate to
allow a new generation of networked management systems to implement a global management information
model for the integration of all network management dimensions (Figure 1).
A network management information base, supported on LDAP Directory Services, can play an essential role in
the integration of management applications in a networked environment consisting of one or more administrative
domains.
2 LDAP as Management Information Repository
Nowadays Network Management Applications are based on the centralized Manager-Agent paradigm, where a
central station collects and analyzes data retrieved from distributed network elements. In those systems,
management data is stored in a standard structure (SNMP MIB, CMIP CMIS) maintained on the element to be
managed. The information gathered and processed from the network is usually stored in SQL databases,
following a proprietary relational schema.
In the most common approach that follows established standards, agents at each network element are
periodically polled and return some data in response to requests coming from the central manager. Where this
rigid approach has variations, we find SNMP proxies and probes (RMON) or a kind of middle-level manager that
also provides a MIB and still communicates with upper managers through SNMP. In other words, these
intermediate management applications behave as SNMP agents to the central manager.
Still, information storage and all procedures are internal to these applications. Integrating those management
applications is not so simple!
The human manager accesses management servers, through a proprietary GUI that works in most cases in
client/server mode, or sometimes through a web based interface that is also proprietary.
Because interfaces to the outside world are always proprietary, there is no way that other management
applications can access this information to reach and perform high-level management functions in a
heterogeneous and permanently evolving environment. There is clearly a need for standard interfaces so that
network management information is published in an open way.
The communication between management applications in a manager role still needs a solution, and that
solution must surely be very simple. If we follow experiments in other application domains, we will in future
also find IETF protocols (such as: HTTP, SMTP, IMAP, POP, SMB, FTP, LDAP, etc.) in the network management
environment. Why use these protocols? Because they are generic, highly tested, they all work with
URLs to access objects and functions, and above all they are easy to use.
What we call an LDAP Management Information Bus - LMIB - (Figure 2) is an information structure
implemented on LDAP [5] (Figure 3) that allows the integration of management applications and
autonomous management applications to achieve high-level management functions (Figure 1).
Figure 2: LDAP Management Information Bus.
The root of the LDAP tree is implemented by a Corporate LDAP server containing all internal business
information, characterization, etc. Since LDAP is very scalable, the LDAP interface of each management
application is one branch of the global LDAP tree.
Thus, using LDAP in conjunction with other basic Internet protocols, we will implement an important feature:
both human operators and management applications (e.g. software agents) will be able to use the same
information model. Humans will need graphic support, and management applications only need the content.
Therefore XML and XSL are other industry standards that must be used with Internet protocols. The most
amazing thing is that all of the management players (users and applications) will now see and use exactly the
same sources. The examples below are paradigmatic of this new era:
• LDAP - the user can navigate the directory with an LDAP browser, and the management application
accesses the LDAP entries through the LDAP protocol;
• HTTP - a management application can browse a web server and get only the XML part, while a human
behind a browser will also use the graphic part, the XSL;
• IMAP - a mail server will let management applications read messages using IMAP and get only the
content (XML), and at the same time a user can see the same information with an XML/XSL-enabled
mailer.
The above examples can be interrelated, and mixed URLs can be used, especially between LDAP and the
others. A good example of this integration is an email message, written in XML, with a URL pointing to XSL
that can be dynamically generated according to an LDAP entry that identifies the managed object in the mail
message.
Another interesting situation is that a particular network domain could have its own private LDAP server with a
specific or common management information model that administrators, users, and applications could use alongside
the ones implemented by Network Management System applications to perform overall management tasks.
Therefore, it is very important that vendors implement an LDAP interface in their management applications.
Figure 3: LDAP Management Information Bus model.
In the next Section we show some of the advantages gained by using the new LDAP Management
Information Bus model defined (see Figure 3). As we can see, the model tries to implement a common
management information structure by means of the LDAP protocol. This structure respects all
management concepts and standards that exist today (Figure 1).
3 Operational scenarios
In a managed domain it is possible to find different management applications, related to the different
management layers such as those presented in Figure 1. For example, to manage network elements HP
OpenView NNM is used. Similarly, to manage network services HP OpenView Operations is used. A Service
Desk management station could also be used. Those stations collect and manage their own information and act
as they are supposed to. One of several problems found in such a management environment is the integration
of each of these applications.
Let us suppose that these management applications already have an LDAP interface implemented.
Besides these kinds of management applications in our network environment (see Figure 4) we also find email
servers (IMAP, SNMP, POP), Web Servers and a Corporate LDAP Server to implement the root of the
Management Information Bus. Network administrators and other users have regular PCs as GUIs. Through
them, administrators can perform management tasks using standard Internet protocols (HTTP, XML/XSL)
without needing proprietary GUIs. Firewalls/Proxies implement secure network interconnections.
Figure 4: Network environment.
The Corporate LDAP root server supports the network management information model in such a way that it takes
advantage of the existence of LDAP interfaces on the management applications (HPOV NNM, SD, OVO,
AixBOMS, etc.) and uses the network concepts of CMIP and DEN. Here, a particular management domain can
implement its own network policies.
Let us look at the concept in more depth. Two possible scenarios are presented below, showing how easily
management applications can be integrated and how users and autonomous applications can take advantage of
this mechanism based on simple Internet protocols that everyone knows and uses.
In the first scenario we show how users can perform management tasks.
In the second, which is similar to the first, the user is replaced by autonomous management applications that
act on behalf of a network administrator.
3.1 Users and management tasks
In this scenario we intend to show how, through the LDAP Management Information Bus concept, users can
use regular browsers to see and use the same information in the same way as they use proprietary GUIs.
Analyzing Figure 5, an NNM station collects its own information (network topology, events, etc.). Similarly, an
OVO station performs network services monitoring, thereby collecting its own information.
Figure 5: Users and management tasks.
AixBOMS is another application that is used to carry out the physical inventory of all network components.
Through an LDAP interface, which these stations should implement, a user can directly
access information in a standard manner and even make database queries (Figure 5 (1)).
Integration and coordination between HP OpenView NNM and HP OpenView Operations stations is easy to
achieve because of the facilities that the LDAP Management Information Bus provides.
Each time a network event occurs (a node down, an interface lost and, as a result, all basic network services
compromised), users are notified by an email sent through an IMAP server using XML/XSL (Figure 5 (2)). Users can
use XML-enabled email clients to see the information, and by simply clicking the given link to the appropriate
location in the global LDAP structure, they can see all information related to the network incident (dynamically
generated topology map, service degradation caused by the incident, etc.) (Figure 5 (3), (4)).
According to the information, the user can react and solve the problems, even by browsing the Asset LDAP
branch implemented by AixBOMS to check for physical information about the problem element (Figure 5 (5)).
3.2 Autonomous applications and management tasks
One big problem we foresee is what happens if the human manager is out of his management domain? How can
he perform management tasks?
The operational scenario presented is similar to a burning house where the owner receives an email with the
video/images of his house on fire. Since he is not there, he can do nothing but watch it burn! For that situation,
our concept gives us a means to act rapidly on network incidents using autonomous management applications
that act on behalf of the human manager. Let’s see how.
Just like in the previous scenario, HP OpenView NNM and HP OpenView Operations are performing the tasks
they are expected to carry out. Similarly, HP OpenView Service Desk can collect network information from
these stations through the LDAP interface (Figure 6) which is supposed to be implemented. Each time a
network incident occurs, an email is sent to an IMAP server (Figure 6 (1)).
An autonomous management application can get the information by email (Figure 6 (2)), analyze it and act
accordingly. This means that the application can act directly on the network elements using SNMP/CMIP
(Figure 6 (4)), or go directly to a network element that hosts a particular service and try to get it back up. If the
application cannot resolve the incident by itself, it may use the Corporate LDAP root server and look for
possible solutions (Figure 6 (3)), or look for a trouble ticket that the LMIB might have.
Figure 6: Users and management tasks.
All this is possible in a very simple way. All management actors must have a standard way of communicating
in order to share network management information at different management levels.
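The following sketch of scenario 3.2 is an added example, not code from the paper: an autonomous application takes the XML body of an incident mail, extracts the LDAP URL of the managed object and reads the entry from the LMIB. The host name, directory suffix, XML element names and entries are all assumptions, the directory is an in-memory stand-in, and the check that the URL stays inside the corporate LMIB tree is an addition the paper does not describe.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, unquote

# Assumed names, not from the paper: server, suffix, XML elements, entries.
TRUSTED_HOST = "ldap.corp.example"
LMIB_SUFFIX = "ou=lmib,dc=corp,dc=example"

# Constructed stand-in for the directory: one branch per management application.
DIRECTORY = {
    "cn=router7,ou=topology,ou=nnm,ou=lmib,dc=corp,dc=example":
        {"status": "down", "ipHostNumber": "192.0.2.7"},
    "cn=router7,ou=assets,ou=aixboms,ou=lmib,dc=corp,dc=example":
        {"location": "rack 12"},
}

# Constructed notification body, as an agent would fetch it from the mailbox.
SAMPLE_MAIL = """<incident>
  <event>node-down</event>
  <object href="ldap://ldap.corp.example/cn=router7,ou=topology,ou=nnm,ou=lmib,dc=corp,dc=example?status,ipHostNumber?base"/>
</incident>"""


def normalize_dn(dn):
    """Lower-case a DN and trim its RDNs (simplified: no escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def parse_ldap_url(url):
    """Split an RFC 4516 URL: ldap://host[:port]/dn?attributes?scope?filter."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL")
    fields = (parts.query.split("?") + ["", ""])[:2]
    return {
        "host": (parts.hostname or "").lower(),
        "dn": normalize_dn(unquote(parts.path.lstrip("/"))),
        "attrs": [a for a in unquote(fields[0]).split(",") if a],
        "scope": fields[1] or "base",
    }


def resolve_incident(mail_xml):
    """Return (event, attributes) for the object a notification points to."""
    if "<!DOCTYPE" in mail_xml:  # refuse DTDs, and with them entity tricks
        raise ValueError("DTD not allowed in notifications")
    root = ET.fromstring(mail_xml)
    obj = root.find("object")
    if obj is None or not obj.get("href"):
        raise ValueError("notification carries no object link")
    ref = parse_ldap_url(obj.get("href"))
    # Mail is unauthenticated input: only follow links into our own LMIB tree.
    if ref["host"] != TRUSTED_HOST:
        raise ValueError("LDAP URL points at an unknown server")
    if not ref["dn"].endswith("," + LMIB_SUFFIX):
        raise ValueError("DN lies outside the LMIB subtree")
    if ref["scope"] != "base":
        raise ValueError("only base-scope lookups are followed")
    entry = DIRECTORY.get(ref["dn"])
    if entry is None:
        raise ValueError("no such entry")
    wanted = ref["attrs"] or list(entry)
    return root.findtext("event"), {a: entry[a] for a in wanted if a in entry}
```

In a deployment the dictionary lookup would be replaced by a base-scope search against the corporate LDAP server, with the same host and subtree checks applied before the query is sent.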
4 Conclusions
Figure 7: LDAP Management Information Bus Structure implemented.
Despite several efforts in the research domain, standard network management systems are still based on very
weak protocols which only provide low-level information. At the same time networking technologies are converging
towards a global industry integration and, therefore, an open information model from network elements to the
business layer must exist.
In this article we proposed that LDAP directory services should play an important role by implementing a
network management information base, which we called LDAP Management Information Bus - LMIB. It
should also give network administrators and network applications standard mechanisms to implement high-level
management functions in order to achieve network integration and autonomous management through
intelligent applications and the delegation of network tasks. Figure 7 shows the operational function of the
information bus presented here. As we can see, it is very simple to integrate different management
applications, users and autonomous applications and to achieve tasks successfully in a simple way.
Increasingly, the use of Internet standard protocols in conjunction with LDAP has proven to be very
interesting, allowing management applications, human managers and management systems to share the same
information.
The operational scenarios presented herein showed the importance of the existence of a Network Management
Information Bus, implemented by means of LDAP, a standard Internet protocol. As we all know, the
management task is complex and difficult, so the existence of simple mechanisms that allow the integration and
sharing of an overall complex management environment is important.
5 Future work
In our future work we intend to use not only network management systems but also service management
systems, network inventory systems and business policy systems. We will also try using Directory Services and
standard Internet protocols to integrate and unify all management information from the network element layer
to the business layer so as to achieve autonomous and proactive network management tasks.
Software Agent concepts will be explored in such a way as to define new autonomous management
applications. Therefore, a new communication and content language protocol like XMPP is being studied in
order to implement an improved Agent Framework Based on Instant Messaging, allowing direct
communication with human users.
References
[1] Srinivansan Mahadevan Nadiraj Murthy: “Emerging role of network and system management (nsm)
applications,” http://www.wipro.com/pdf files/Emerging role of Network and System Management.pdf, 2002.
[2] Raul Filipe Teixeira Oliveira: “Gestion des Réseaux avec Connaissance des Besoins: Utilisation des Agents
Logiciel”, Ph.D. thesis, École Nationale Supérieure des Telecommunications, January 1998.
[3] Distributed Management Task Force: “CIM Tutorial”, http://www.wbemsolutions.com/tutorials/CIM/.
[4] OpenLDAP Foundation: “Openldap schema specification: Extending schema”,
http://www.openldap.org/doc/admin22/schema.html, 2004.
[5] Bruno F. Marques, Edgar Nogueira, José A. Oliveira, and Raúl F. Oliveira: “LDAP role in network
management”, 11th HP OpenView University Associations Workshop, Paris, June 2004.